Analysis
- max time kernel: 143s
- max time network: 146s
- platform: windows10-2004_x64
- resource: win10v2004-20220331-en
- submitted: 07-04-2022 16:51
Behavioral task: behavioral1
- Sample: 1c51743f17f9c5857d6ef3e2055d7e5c.exe
- Resource: win7-20220331-en, windows7_x64
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: 1c51743f17f9c5857d6ef3e2055d7e5c.exe
- Resource: win10v2004-20220331-en, windows10-2004_x64
- 0 signatures
- 0 seconds
General
- Target: 1c51743f17f9c5857d6ef3e2055d7e5c.exe
- Size: 37KB
- MD5: 1c51743f17f9c5857d6ef3e2055d7e5c
- SHA1: a7ff86648725f2113316fe43c3e090ecdddde833
- SHA256: e38f21ebea32604e4eb53752699175be72bff67e891a9bc5ba06538225554398
- SHA512: 839246085d1e9ce3be6bf618e00812c223a0e7ad5d71d1debe7ce0a5e8653dfd66d0860f79382ec71edf97093e6e23a8e54313aad01ea6ed76b8a3fbacb33f22
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (5 IoCs)
Processes: 1c51743f17f9c5857d6ef3e2055d7e5c.exe, fondue.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 4376 wrote to memory of 4440 | 4376 | 1c51743f17f9c5857d6ef3e2055d7e5c.exe | fondue.exe |
| PID 4376 wrote to memory of 4440 | 4376 | 1c51743f17f9c5857d6ef3e2055d7e5c.exe | fondue.exe |
| PID 4376 wrote to memory of 4440 | 4376 | 1c51743f17f9c5857d6ef3e2055d7e5c.exe | fondue.exe |
| PID 4440 wrote to memory of 376 | 4440 | fondue.exe | FonDUE.EXE |
| PID 4440 wrote to memory of 376 | 4440 | fondue.exe | FonDUE.EXE |
Processes
- 1: C:\Users\Admin\AppData\Local\Temp\1c51743f17f9c5857d6ef3e2055d7e5c.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\1c51743f17f9c5857d6ef3e2055d7e5c.exe"
  - Suspicious use of WriteProcessMemory
- 2: C:\Windows\SysWOW64\fondue.exe
  Command line: "C:\Windows\system32\fondue.exe" /enable-feature:NetFx3 /caller-name:mscoreei.dll
  - Suspicious use of WriteProcessMemory
- 3: C:\Windows\system32\FonDUE.EXE
  Command line: "C:\Windows\sysnative\FonDUE.EXE" /enable-feature:NetFx3 /caller-name:mscoreei.dll